Ich habe die vollständige Ausgabe mit Debug angehängt, um zu sehen, ob jemand herausfinden kann, was schief läuft. Ich habe versucht, /etc/puppet/ssl/ zu entfernen, und die beiden Knoten (Agent und Master) können sich gegenseitig per IP und Hostname anpingen. Ich verwende Vagrant. Beim Ausführen von # puppet cert list wird auf dem Master nichts angezeigt, und ich habe einen TCPdump auf dem Agenten ausgeführt, als ich versucht habe, den Agenten auszuführen. Zumindest wird Netzwerkverkehr generiert, der auf den Master abzielt. Ich bin mir nicht sicher, was das Problem ist. Hilfe wäre willkommen ^^.
[root@vagrant-puppet-c664-wiki vagrant]# puppet agent --test --debug --server=vagrant-puppet-master.pv.com
Debug: Using settings: adding file resource 'statedir': 'File[/var/lib/puppet/state]{:ensure=>:directory, :backup=>false, :loglevel=>:debug, :mode=>"1755", :links=>:follow, :path=>"/var/lib/puppet/state"}'
Debug: Using settings: adding file resource 'vardir': 'File[/var/lib/puppet]{:ensure=>:directory, :backup=>false, :loglevel=>:debug, :links=>:follow, :path=>"/var/lib/puppet"}'
Debug: Puppet::Type::User::ProviderPw: file pw does not exist
Debug: Puppet::Type::User::ProviderDirectoryservice: file /usr/bin/dsimport does not exist
Debug: Puppet::Type::User::ProviderLdap: true value when expecting false
Debug: Puppet::Type::User::ProviderUser_role_add: file rolemod does not exist
Debug: Using settings: adding file resource 'publickeydir': 'File[/var/lib/puppet/ssl/public_keys]{:ensure=>:directory, :backup=>false, :loglevel=>:debug, :owner=>"puppet", :links=>:follow, :path=>"/var/lib/puppet/ssl/public_keys"}'
Debug: Using settings: adding file resource 'rundir': 'File[/var/run/puppet]{:ensure=>:directory, :backup=>false, :loglevel=>:debug, :mode=>"755", :links=>:follow, :path=>"/var/run/puppet"}'
Debug: Using settings: adding file resource 'privatedir': 'File[/var/lib/puppet/ssl/private]{:ensure=>:directory, :backup=>false, :loglevel=>:debug, :owner=>"puppet", :mode=>"750", :links=>:follow, :path=>"/var/lib/puppet/ssl/private"}'
Debug: Using settings: adding file resource 'plugindest': 'File[/var/lib/puppet/lib]{:ensure=>:directory, :backup=>false, :loglevel=>:debug, :links=>:follow, :path=>"/var/lib/puppet/lib"}'
Debug: Using settings: adding file resource 'statefile': 'File[/var/lib/puppet/state/state.yaml]{:ensure=>:file, :backup=>false, :loglevel=>:debug, :mode=>"660", :links=>:follow, :path=>"/var/lib/puppet/state/state.yaml"}'
Debug: Using settings: adding file resource 'clientbucketdir': 'File[/var/lib/puppet/clientbucket]{:ensure=>:directory, :backup=>false, :loglevel=>:debug, :mode=>"750", :links=>:follow, :path=>"/var/lib/puppet/clientbucket"}'
Debug: Using settings: adding file resource 'localcacert': 'File[/var/lib/puppet/ssl/certs/ca.pem]{:ensure=>:file, :backup=>false, :loglevel=>:debug, :owner=>"puppet", :mode=>"644", :links=>:follow, :path=>"/var/lib/puppet/ssl/certs/ca.pem"}'
Debug: Using settings: adding file resource 'lastrunfile': 'File[/var/lib/puppet/state/last_run_summary.yaml]{:ensure=>:file, :backup=>false, :loglevel=>:debug, :mode=>"644", :links=>:follow, :path=>"/var/lib/puppet/state/last_run_summary.yaml"}'
Debug: Puppet::Type::Group::ProviderPw: file pw does not exist
Debug: Puppet::Type::Group::ProviderDirectoryservice: file /usr/bin/dscl does not exist
Debug: Puppet::Type::Group::ProviderLdap: true value when expecting false
Debug: Using settings: adding file resource 'logdir': 'File[/var/log/puppet]{:ensure=>:directory, :backup=>false, :group=>"puppet", :loglevel=>:debug, :owner=>"puppet", :mode=>"750", :links=>:follow, :path=>"/var/log/puppet"}'
Debug: Using settings: adding file resource 'certdir': 'File[/var/lib/puppet/ssl/certs]{:ensure=>:directory, :backup=>false, :loglevel=>:debug, :owner=>"puppet", :links=>:follow, :path=>"/var/lib/puppet/ssl/certs"}'
Debug: Using settings: adding file resource 'graphdir': 'File[/var/lib/puppet/state/graphs]{:ensure=>:directory, :backup=>false, :loglevel=>:debug, :links=>:follow, :path=>"/var/lib/puppet/state/graphs"}'
Debug: Using settings: adding file resource 'requestdir': 'File[/var/lib/puppet/ssl/certificate_requests]{:ensure=>:directory, :backup=>false, :loglevel=>:debug, :owner=>"puppet", :links=>:follow, :path=>"/var/lib/puppet/ssl/certificate_requests"}'
Debug: Using settings: adding file resource 'clientyamldir': 'File[/var/lib/puppet/client_yaml]{:ensure=>:directory, :backup=>false, :loglevel=>:debug, :mode=>"750", :links=>:follow, :path=>"/var/lib/puppet/client_yaml"}'
Debug: Using settings: adding file resource 'hostprivkey': 'File[/var/lib/puppet/ssl/private_keys/vagrant-puppet-c664-wiki.pv.com.pem]{:ensure=>:file, :backup=>false, :loglevel=>:debug, :owner=>"puppet", :mode=>"600", :links=>:follow, :path=>"/var/lib/puppet/ssl/private_keys/vagrant-puppet-c664-wiki.pv.com.pem"}'
Debug: Using settings: adding file resource 'lastrunreport': 'File[/var/lib/puppet/state/last_run_report.yaml]{:ensure=>:file, :backup=>false, :loglevel=>:debug, :mode=>"640", :links=>:follow, :path=>"/var/lib/puppet/state/last_run_report.yaml"}'
Debug: Using settings: adding file resource 'confdir': 'File[/etc/puppet]{:ensure=>:directory, :backup=>false, :loglevel=>:debug, :links=>:follow, :path=>"/etc/puppet"}'
Debug: Using settings: adding file resource 'ssldir': 'File[/var/lib/puppet/ssl]{:ensure=>:directory, :backup=>false, :loglevel=>:debug, :owner=>"puppet", :mode=>"771", :links=>:follow, :path=>"/var/lib/puppet/ssl"}'
Debug: Using settings: adding file resource 'privatekeydir': 'File[/var/lib/puppet/ssl/private_keys]{:ensure=>:directory, :backup=>false, :loglevel=>:debug, :owner=>"puppet", :mode=>"750", :links=>:follow, :path=>"/var/lib/puppet/ssl/private_keys"}'
Debug: Using settings: adding file resource 'client_datadir': 'File[/var/lib/puppet/client_data]{:ensure=>:directory, :backup=>false, :loglevel=>:debug, :mode=>"750", :links=>:follow, :path=>"/var/lib/puppet/client_data"}'
Debug: Using settings: adding file resource 'hostpubkey': 'File[/var/lib/puppet/ssl/public_keys/vagrant-puppet-c664-wiki.pv.com.pem]{:ensure=>:file, :backup=>false, :loglevel=>:debug, :owner=>"puppet", :mode=>"644", :links=>:follow, :path=>"/var/lib/puppet/ssl/public_keys/vagrant-puppet-c664-wiki.pv.com.pem"}'
Debug: /File[/var/lib/puppet/ssl/private]: Autorequiring File[/var/lib/puppet/ssl]
Debug: /File[/var/lib/puppet/state/last_run_summary.yaml]: Autorequiring File[/var/lib/puppet/state]
Debug: /File[/var/lib/puppet/state/last_run_report.yaml]: Autorequiring File[/var/lib/puppet/state]
Debug: /File[/var/lib/puppet/ssl/certs]: Autorequiring File[/var/lib/puppet/ssl]
Debug: /File[/var/lib/puppet/ssl/private_keys]: Autorequiring File[/var/lib/puppet/ssl]
Debug: /File[/var/lib/puppet/ssl/public_keys]: Autorequiring File[/var/lib/puppet/ssl]
Debug: /File[/var/lib/puppet/lib]: Autorequiring File[/var/lib/puppet]
Debug: /File[/var/lib/puppet/state/graphs]: Autorequiring File[/var/lib/puppet/state]
Debug: /File[/var/lib/puppet/ssl]: Autorequiring File[/var/lib/puppet]
Debug: /File[/var/lib/puppet/ssl/certs/ca.pem]: Autorequiring File[/var/lib/puppet/ssl/certs]
Debug: /File[/var/lib/puppet/client_yaml]: Autorequiring File[/var/lib/puppet]
Debug: /File[/var/lib/puppet/ssl/public_keys/vagrant-puppet-c664-wiki.pv.com.pem]: Autorequiring File[/var/lib/puppet/ssl/public_keys]
Debug: /File[/var/lib/puppet/state]: Autorequiring File[/var/lib/puppet]
Debug: /File[/var/lib/puppet/client_data]: Autorequiring File[/var/lib/puppet]
Debug: /File[/var/lib/puppet/ssl/certificate_requests]: Autorequiring File[/var/lib/puppet/ssl]
Debug: /File[/var/lib/puppet/clientbucket]: Autorequiring File[/var/lib/puppet]
Debug: /File[/var/lib/puppet/ssl/private_keys/vagrant-puppet-c664-wiki.pv.com.pem]: Autorequiring File[/var/lib/puppet/ssl/private_keys]
Debug: /File[/var/lib/puppet/state/state.yaml]: Autorequiring File[/var/lib/puppet/state]
Debug: Finishing transaction 70281662410760
Debug: Using settings: adding file resource 'statedir': 'File[/var/lib/puppet/state]{:ensure=>:directory, :backup=>false, :loglevel=>:debug, :mode=>"1755", :links=>:follow, :path=>"/var/lib/puppet/state"}'
Debug: Using settings: adding file resource 'vardir': 'File[/var/lib/puppet]{:ensure=>:directory, :backup=>false, :loglevel=>:debug, :links=>:follow, :path=>"/var/lib/puppet"}'
Debug: Using settings: adding file resource 'publickeydir': 'File[/var/lib/puppet/ssl/public_keys]{:ensure=>:directory, :backup=>false, :loglevel=>:debug, :owner=>"puppet", :links=>:follow, :path=>"/var/lib/puppet/ssl/public_keys"}'
Debug: Using settings: adding file resource 'rundir': 'File[/var/run/puppet]{:ensure=>:directory, :backup=>false, :loglevel=>:debug, :mode=>"755", :links=>:follow, :path=>"/var/run/puppet"}'
Debug: Using settings: adding file resource 'privatedir': 'File[/var/lib/puppet/ssl/private]{:ensure=>:directory, :backup=>false, :loglevel=>:debug, :owner=>"puppet", :mode=>"750", :links=>:follow, :path=>"/var/lib/puppet/ssl/private"}'
Debug: Using settings: adding file resource 'plugindest': 'File[/var/lib/puppet/lib]{:ensure=>:directory, :backup=>false, :loglevel=>:debug, :links=>:follow, :path=>"/var/lib/puppet/lib"}'
Debug: Using settings: adding file resource 'localcacert': 'File[/var/lib/puppet/ssl/certs/ca.pem]{:ensure=>:file, :backup=>false, :loglevel=>:debug, :owner=>"puppet", :mode=>"644", :links=>:follow, :path=>"/var/lib/puppet/ssl/certs/ca.pem"}'
Debug: Using settings: adding file resource 'logdir': 'File[/var/log/puppet]{:ensure=>:directory, :backup=>false, :group=>"puppet", :loglevel=>:debug, :owner=>"puppet", :mode=>"750", :links=>:follow, :path=>"/var/log/puppet"}'
Debug: Using settings: adding file resource 'certdir': 'File[/var/lib/puppet/ssl/certs]{:ensure=>:directory, :backup=>false, :loglevel=>:debug, :owner=>"puppet", :links=>:follow, :path=>"/var/lib/puppet/ssl/certs"}'
Debug: Using settings: adding file resource 'requestdir': 'File[/var/lib/puppet/ssl/certificate_requests]{:ensure=>:directory, :backup=>false, :loglevel=>:debug, :owner=>"puppet", :links=>:follow, :path=>"/var/lib/puppet/ssl/certificate_requests"}'
Debug: Using settings: adding file resource 'hostprivkey': 'File[/var/lib/puppet/ssl/private_keys/vagrant-puppet-c664-wiki.pv.com.pem]{:ensure=>:file, :backup=>false, :loglevel=>:debug, :owner=>"puppet", :mode=>"600", :links=>:follow, :path=>"/var/lib/puppet/ssl/private_keys/vagrant-puppet-c664-wiki.pv.com.pem"}'
Debug: Using settings: adding file resource 'confdir': 'File[/etc/puppet]{:ensure=>:directory, :backup=>false, :loglevel=>:debug, :links=>:follow, :path=>"/etc/puppet"}'
Debug: Using settings: adding file resource 'ssldir': 'File[/var/lib/puppet/ssl]{:ensure=>:directory, :backup=>false, :loglevel=>:debug, :owner=>"puppet", :mode=>"771", :links=>:follow, :path=>"/var/lib/puppet/ssl"}'
Debug: Using settings: adding file resource 'privatekeydir': 'File[/var/lib/puppet/ssl/private_keys]{:ensure=>:directory, :backup=>false, :loglevel=>:debug, :owner=>"puppet", :mode=>"750", :links=>:follow, :path=>"/var/lib/puppet/ssl/private_keys"}'
Debug: Using settings: adding file resource 'hostpubkey': 'File[/var/lib/puppet/ssl/public_keys/vagrant-puppet-c664-wiki.pv.com.pem]{:ensure=>:file, :backup=>false, :loglevel=>:debug, :owner=>"puppet", :mode=>"644", :links=>:follow, :path=>"/var/lib/puppet/ssl/public_keys/vagrant-puppet-c664-wiki.pv.com.pem"}'
Debug: /File[/var/lib/puppet/ssl/private]: Autorequiring File[/var/lib/puppet/ssl]
Debug: /File[/var/lib/puppet/ssl/certificate_requests]: Autorequiring File[/var/lib/puppet/ssl]
Debug: /File[/var/lib/puppet/ssl/certs/ca.pem]: Autorequiring File[/var/lib/puppet/ssl/certs]
Debug: /File[/var/lib/puppet/lib]: Autorequiring File[/var/lib/puppet]
Debug: /File[/var/lib/puppet/ssl/certs]: Autorequiring File[/var/lib/puppet/ssl]
Debug: /File[/var/lib/puppet/ssl/public_keys/vagrant-puppet-c664-wiki.pv.com.pem]: Autorequiring File[/var/lib/puppet/ssl/public_keys]
Debug: /File[/var/lib/puppet/ssl/private_keys]: Autorequiring File[/var/lib/puppet/ssl]
Debug: /File[/var/lib/puppet/ssl/public_keys]: Autorequiring File[/var/lib/puppet/ssl]
Debug: /File[/var/lib/puppet/ssl/private_keys/vagrant-puppet-c664-wiki.pv.com.pem]: Autorequiring File[/var/lib/puppet/ssl/private_keys]
Debug: /File[/var/lib/puppet/ssl]: Autorequiring File[/var/lib/puppet]
Debug: /File[/var/lib/puppet/state]: Autorequiring File[/var/lib/puppet]
Debug: Finishing transaction 70281661077540
Debug: Using cached certificate for ca
Debug: Using cached certificate_request for vagrant-puppet-c664-wiki.pv.com
Debug: Using cached certificate for ca
Debug: Using cached certificate for ca
Exiting; no certificate found and waitforcert is disabled
Antwort1
Sie haben es entfernt /etc/puppet/ssl, aber (zumindest auf dem Client) ist dies nicht der Speicherort, der für die Speicherung des SSL-Zertifikats verwendet wird.
Möglicherweise haben Sie die Zertifikatsanforderung vom Master entfernt, aber der Client sendet nie eine neue Zertifikatsanforderung an den Master, da er denkt, dass er immer noch nur auf die Genehmigung wartet.
Löschen Sie das /var/lib/puppet/ssl/Verzeichnis auf dem Client. Führen Sie es auch puppet config print ssldirauf dem Master aus und überprüfen Sie, ob es das ist, was Sie erwarten, und puppet cert list --allob noch kein Zertifikat mit dem Namen dieses Clients vorhanden ist. Und stellen Sie sicher, dass Sie den Master-Dienst neu starten, wenn Sie das SSL-Verzeichnis auf dem Master löschen.